From ddba89d7713923bfbf1c8492c5dc6c6d5b220f1e Mon Sep 17 00:00:00 2001
From: Andreas Schneider <mail@cynapses.org>
Date: Mon, 20 Oct 2008 17:35:42 +0200
Subject: Delete the krb5 ccname variable from the PAM environment if set.

If winbind sets the KRB5CCNAME variable it should unset it when
the cache gets destroyed.
(cherry picked from commit e7b0d1c984a37600a234c1f4c95b06e9b5898f30)
---
 source/nsswitch/pam_winbind.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index 95b3d23dd43..15b33e3a2fc 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -2358,6 +2358,13 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags,
 	}
 
 out:
+	/*
+	 * Delete the krb5 ccname variable from the PAM environment
+	 * if it was set by winbind.
+	 */
+	if (ctx->ctrl & WINBIND_KRB5_AUTH) {
+		pam_putenv(pamh, "KRB5CCNAME");
+	}
 
 	_PAM_LOG_FUNCTION_LEAVE("pam_sm_close_session", ctx, retval);
 
-- 
cgit